GitLab Exposure

Development, Issue trackers
Exposure score: 312
Sites using it: 761
Under exploitation: 4
Critical: 24

CVEs

1055 results
CVE-2013-4582 (EPSS 1.9%): The (1) create_branch, (2) create_tag, (3) import_project, and (4) fork_project functions in lib/gitlab_projects.rb in GitLab 5.0 before 5.4
CVE-2019-5472 (EPSS 1.9%): An authorization issue was discovered in Gitlab versions < 12.1.2, < 12.0.4, and < 11.11.6 that prevented owners and maintainer to delete ep
CVE-2020-13277 (MEDIUM, EPSS 1.8%): An authorization issue in the mirroring logic allowed read access to private repositories in GitLab CE/EE 10.6 and later through 13.0.5
CVE-2021-22217 (MEDIUM, EPSS 1.8%): A denial of service vulnerability in all versions of GitLab CE/EE before 13.12.2, 13.11.5 or 13.10.5 allows an attacker to cause uncontrolle
CVE-2020-13306 (LOW, EPSS 1.8%): A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab Webhook feature could be abused to perform denia
CVE-2022-1510 (MEDIUM, EPSS 1.8%): An issue has been discovered in GitLab affecting all versions starting from 13.9 before 14.8.6, all versions starting from 14.9 before 14.9.
CVE-2020-13356 (HIGH, EPSS 1.8%): An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.8.9. A specially crafted request could bypass Multipart
CVE-2020-13269 (MEDIUM, EPSS 1.8%): A Reflected Cross-Site Scripting vulnerability allowed the execution of arbitrary Javascript code on the Static Site Editor in GitLab CE/EE
CVE-2020-13267 (MEDIUM, EPSS 1.8%): A Stored Cross-Site Scripting vulnerability allowed the execution on Javascript payloads on the Metrics Dashboard in GitLab CE/EE 12.8 and l
CVE-2021-22213 (HIGH, EPSS 1.7%): A cross-site leak vulnerability in the OAuth flow of all versions of GitLab CE/EE since 7.10 allowed an attacker to leak an OAuth access tok
CVE-2020-13355 (HIGH, EPSS 1.7%): An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.14. A path traversal is found in LFS Upload that allows
CVE-2022-0244 (HIGH, EPSS 1.7%): An issue has been discovered in GitLab CE/EE affecting all versions starting with 14.5. Arbitrary file read was possible by importing a grou
CVE-2020-13310 (MEDIUM, EPSS 1.7%): A vulnerability was discovered in GitLab runner versions before 13.1.3, 13.2.3 and 13.3.1. It was possible to make the gitlab-runner process
CVE-2020-13308 (LOW, EPSS 1.6%): A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. A user without 2 factor authentication enabled could be
CVE-2019-15585 (EPSS 1.6%): Improper authentication exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) in the Git
CVE-2020-13304 (LOW, EPSS 1.6%): A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Same 2 factor Authentication secret code was generated
CVE-2020-13296 (MEDIUM, EPSS 1.6%): An issue has been discovered in GitLab affecting versions >=10.7 <13.0.14, >=13.1.0 <13.1.8, >=13.2.0 <13.2.6. Improper Access Control for D
CVE-2021-22167 (MEDIUM, EPSS 1.6%): An issue has been discovered in GitLab affecting all versions starting from 12.1. Incorrect headers in specific project page allows attacker
CVE-2019-5470 (EPSS 1.6%): An information disclosure issue was discovered GitLab versions < 12.1.2, < 12.0.4, and < 11.11.6 in the security dashboard which could resul
CVE-2020-13271 (MEDIUM, EPSS 1.5%): A Stored Cross-Site Scripting vulnerability allowed the execution of arbitrary Javascript code in the blobs API in all previous GitLab CE/EE
